curl: (60) Denied establishing ssh session: mismatch sha256 fingerprint. Remote ��z�i/XEa"��P�R��h�]���wl�q���)� is not equal to C:/msys64/Ad6smkvWEVhIs/nUM1S2fOjaL9djxb6d2zkcbQUgik
The error message is supposed to show two sha256 fingerprints in base64 format. The gibberish came from a printing mistake and I landed 3467e89 to fix it. The reason the match failed was not because of that but because one of the keys is C:/msys64/Ad6smkvWEVhIs/nUM1S2fOjaL9djxb6d2zkcbQUgik, note the erroneous C:/msys64/. There should be just a base64 string there.
My guess is this has something to do with msys2 path interpretation. Maybe the base64 string had a leading / and so msys2 converted that to C:/msys64/. There is an msys2 environment variable MSYS2_ARG_CONV_EXCL that can be set to stop msys2 from tampering with arguments. That is already done in appveyor configs, for example: